Table of Contents


Single Sign-on (SSO) allows applications on the Redox network to securely connect to other applications and share the login context for a user. The most common use case is a provider in an EHR launching an integrated application, and being automatically logged in, as well as passing context such as which patient and visit are open.

The Redox Single Sign-on data model abstracts away various vendor authentication strategies, such as the SAML Web Browser Profile, but we will support any browser-based SSO scheme an EHR uses as long as it meets our bar for security.

Check out SSO Through Redox - Under the Hood for more information.

How Redox Sits in between you and SSO

All single sign-on schemes hinge on validating that a user is who they say they are.

The goal of Redox SSO is to simplify all the moving pieces and roles to just two: you and Redox. You trust us to verify that the SSO request is valid, and we normalize and pull as much information as possible to pass along.

JSON Web Tokens

The SSO data model uses JSON Web Tokens (JWT) to convey who the user is. The basis for the structure of our tokens is the OpenID ID Token.

When setting up SSO, Redox will generate a shared secret that we sign our token with. You are responsible for validating the signature using this shared secret, along with fields in the token itself (for example, the expiration).

We recommend the useful tools and documentation at (created by Auth0) for testing and debugging JWTs.